I have a recurring problem with several FltIsDirectory calls hanging forever
on a NTFS wait. Each call comes from a write pre-op. The two threads are
in the same process from svchost.exe. The two hung threads are shown below
from a “!process 0 7” dump. DeqoCPS is my mini-filter.
Does anyone have any idea what I could be doing to cause this? The only
requirement the docs make for FltIsDirectory is that IRQL <= APC_LEVEL and
I assume this is satisfied since it is in a pre-write. There appears to be
nothing else hanging inside my filter other than these calls. Nothing is
waiting.
THREAD 81f34af0 Cid 0380.04d8 Teb: 7ffa7000 Win32Thread: e1a63a50 WAIT:
(Executive) KernelMode Non-Alertable
f6661184 NotificationEvent
IRP List:
82f4ee28: (0006,01d8) Flags: 40000a00 Mdl: 00000000
Impersonation token: e1a27b08 (Level Impersonation)
Owning Process 81f27da0 Image: svchost.exe
Wait Start TickCount 8830 Ticks: 87453 (0:00:22:46.453)
Context Switch Count 18 LargeStack
UserTime 00:00:00.0000
KernelTime 00:00:00.0031
Start Address kernel32!BaseThreadStartThunk (0x77e5e398)
Win32 Start Address schedsvc!PfSvcMainThread (0x749c87dc)
Stack Init f6662000 Current f6661108 Base f6662000 Limit f665f000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f6661120 8083c898 81f34b60 81f34af0 80831c6e nt!KiSwapContext+0x2f (FPO:
[EBP 0xf6661154] [0,0,4])
f666112c 80831c6e f666146c e15ffa40 00000000 nt!KiSwapThread+0x46 (FPO:
[0,0,0])
f6661154 bbcbbb6b 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x22e
(FPO: [Non-Fpo])
f6661194 bbc809fd e15ffa40 bbc50460 00000000 Ntfs!NtfsWaitForIoAtEof+0xa5
(FPO: [Non-Fpo])
f66611f8 bbcc2e1a f6661270 8275ae48 820f3020
Ntfs!NtfsCommonQueryInformation+0x16b (FPO: [Non-Fpo])
f666125c bbcc2f22 f6661270 8275ae48 00000001
Ntfs!NtfsFsdDispatchSwitch+0x112 (FPO: [Non-Fpo])
f6661380 8081fa49 820f3020 8275ae48 820f3020 Ntfs!NtfsFsdDispatchWait+0x1c
(FPO: [Non-Fpo])
f6661398 80ad2128 820f4cc8 8275ae48 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f66613bc bbd266cd 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f66613d8 8081fa49 820f4cc8 8275ae48 820f4cc8 sr!SrPassThrough+0x16d (FPO:
[Non-Fpo])
f66613f0 80ad2128 bbd9b4ca 8275ae48 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6661414 bbdcde6c 808b9f68 81befd28 00000000 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f6661440 bbdd795a 820f4cc8 81fe2d58 f666146c
fltmgr!FltpQueryInformationFile+0x16c (FPO: [Non-Fpo])
f666148c bbd9f0d7 808ea000 00000000 81fe2d58
fltmgr!SetStreamListStandardInformationFlags+0x142 (FPO: [Non-Fpo])
f66614b0 bbd17938 81fe2d58 82109e18 81befd08 fltmgr!FltIsDirectory+0x65
(FPO: [Non-Fpo])
f66614f4 bbd13c93 820f4008 81fe2d58 82109e18
DeqoCPS!CpsGetStreamContext+0x258 (FPO: [Non-Fpo])
f6661554 bbdf0033 820f4f5c f66615a0 f66615d0 DeqoCPS!CpsPreWrite+0xa3 (FPO:
[Non-Fpo])
f6661580 bbd896e6 00000001 00000004 f66615d0 fltmgr!FltvPreOperation+0x3f
(FPO: [Non-Fpo])
f66615ec bbd94e65 f6661638 00000000 82b54fdc
fltmgr!FltpPerformPreCallbacks+0x6a0 (FPO: [Non-Fpo])
f6661604 bbd97dee f6661638 00000000 820f51f0
fltmgr!FltpPassThroughInternal+0xdb (FPO: [Non-Fpo])
f6661620 bbd99255 82b54f00 820f51f0 82b54e28 fltmgr!FltpPassThrough+0x584
(FPO: [Non-Fpo])
f6661654 8081fa49 820f51f0 82b54e28 820f51f0 fltmgr!FltpDispatch+0x187 (FPO:
[Non-Fpo])
f666166c 80ad2128 81fe2d58 00000000 820f51f0 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6661690 808213e9 00000000 f66617e8 f66616cc nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f66616a4 80860ed2 81fe2d0a f66616cc f6661764 nt!IoSynchronousPageWrite+0xaf
(FPO: [Non-Fpo])
f6661780 8086347c e349a008 e349a108 e349a048 nt!MiFlushSectionInternal+0x684
(FPO: [Non-Fpo])
f66617c0 808105bb 00000000 e349a008 00040000 nt!MmFlushSection+0x40a (FPO:
[Non-Fpo])
f6661850 8080d00e 8201d008 02ed0008 f6661894 nt!CcMapAndCopy+0x39b (FPO:
[Non-Fpo])
f66618e0 bbc2e834 81fe2d58 f6661ab0 000d71a6 nt!CcCopyWrite+0x2a6 (FPO:
[Non-Fpo])
f6661ad4 bbc2b7d7 81fac9a8 82f4ee28 820f3020 Ntfs!NtfsCommonWrite+0x2104
(FPO: [Non-Fpo])
f6661b38 8081fa49 820f3020 82f4ee28 820f3020 Ntfs!NtfsFsdWrite+0x113 (FPO:
[Non-Fpo])
f6661b50 80ad2128 820f4cc8 82f4ee28 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6661b74 bbd26a24 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f6661b98 8081fa49 820f4cc8 82f4ee28 820f4cc8 sr!SrWrite+0x214 (FPO:
[Non-Fpo])
f6661bb0 80ad2128 808b9f68 00000000 820f4f00 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6661bd4 bbd98d44 820f51f0 00000000 820e4000 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f6661bfc bbd99269 f6661c1c 820f51f0 00000000
fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x3cc (FPO: [Non-Fpo])
f6661c38 8081fa49 820f51f0 82f4ee28 820f51f0 fltmgr!FltpDispatch+0x19b (FPO:
[Non-Fpo])
f6661c50 80ad2128 81f34d00 80b953e8 82f4ee28 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6661c74 8092f57e 82f4efdc 00000000 82f4ee28 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
THREAD 81ce3490 Cid 0380.0604 Teb: 7ff98000 Win32Thread: e19bdd20 WAIT:
(Executive) KernelMode Non-Alertable
f6451180 NotificationEvent
IRP List:
82f10e28: (0006,01d8) Flags: 40000a00 Mdl: 00000000
Not impersonating
DeviceMap e10036e8
Owning Process 81f27da0 Image: svchost.exe
Wait Start TickCount 6158 Ticks: 90125 (0:00:23:28.203)
Context Switch Count 34 LargeStack
UserTime 00:00:00.0015
KernelTime 00:00:00.0093
Start Address kernel32!BaseThreadStartThunk (0x77e5e398)
Win32 Start Address advapi32!ScSvcctrlThreadW (0x77df0b91)
Stack Init f6452000 Current f6451104 Base f6452000 Limit f644e000 Call 0
Priority 14 BasePriority 8 PriorityDecrement 6 DecrementCount 16
ChildEBP RetAddr Args to Child
f645111c 8083c898 81ce3500 81ce3490 80831c6e nt!KiSwapContext+0x2f (FPO:
[EBP 0xf6451150] [0,0,4])
f6451128 80831c6e f6451468 e16414f8 00000000 nt!KiSwapThread+0x46 (FPO:
[0,0,0])
f6451150 bbcbbb6b 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x22e
(FPO: [Non-Fpo])
f6451190 bbc809fd e16414f8 bbc50460 00000000 Ntfs!NtfsWaitForIoAtEof+0xa5
(FPO: [Non-Fpo])
f64511f4 bbcc2e1a f645126c 82ec4e48 820f3020
Ntfs!NtfsCommonQueryInformation+0x16b (FPO: [Non-Fpo])
f6451258 bbcc2f22 f645126c 82ec4e48 00000001
Ntfs!NtfsFsdDispatchSwitch+0x112 (FPO: [Non-Fpo])
f645137c 8081fa49 820f3020 82ec4e48 820f3020 Ntfs!NtfsFsdDispatchWait+0x1c
(FPO: [Non-Fpo])
f6451394 80ad2128 820f4cc8 82ec4e48 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f64513b8 bbd266cd 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f64513d4 8081fa49 820f4cc8 82ec4e48 820f4cc8 sr!SrPassThrough+0x16d (FPO:
[Non-Fpo])
f64513ec 80ad2128 bbd9b4ca 82ec4e48 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6451410 bbdcde6c 808b9f68 81f35f58 00000000 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f645143c bbdd795a 820f4cc8 8204a778 f6451468
fltmgr!FltpQueryInformationFile+0x16c (FPO: [Non-Fpo])
f6451488 bbd9f0d7 808ea000 00000000 8204a778
fltmgr!SetStreamListStandardInformationFlags+0x142 (FPO: [Non-Fpo])
f64514ac bbd17938 8204a778 82109e18 81f35f38 fltmgr!FltIsDirectory+0x65
(FPO: [Non-Fpo])
f64514f0 bbd13c93 820f4008 8204a778 82109e18
DeqoCPS!CpsGetStreamContext+0x258 (FPO: [Non-Fpo])
f6451550 bbdf0033 82066864 f645159c f64515cc DeqoCPS!CpsPreWrite+0xa3 (FPO:
[Non-Fpo])
f645157c bbd896e6 00000001 00000004 f64515cc fltmgr!FltvPreOperation+0x3f
(FPO: [Non-Fpo])
f64515e8 bbd94e65 f6451634 00000000 82f0afdc
fltmgr!FltpPerformPreCallbacks+0x6a0 (FPO: [Non-Fpo])
f6451600 bbd97dee f6451634 00000000 820f51f0
fltmgr!FltpPassThroughInternal+0xdb (FPO: [Non-Fpo])
f645161c bbd99255 82f0af00 820f51f0 82f0ae28 fltmgr!FltpPassThrough+0x584
(FPO: [Non-Fpo])
f6451650 8081fa49 820f51f0 82f0ae28 820f51f0 fltmgr!FltpDispatch+0x187 (FPO:
[Non-Fpo])
f6451668 80ad2128 8204a778 00000000 820f51f0 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f645168c 808213e9 00000000 f64517e8 f64516c8 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f64516a0 80860ed2 8204a70a f64516c8 f6451760 nt!IoSynchronousPageWrite+0xaf
(FPO: [Non-Fpo])
f645177c 8086347c e1618358 e161835c e161835c nt!MiFlushSectionInternal+0x684
(FPO: [Non-Fpo])
f64517bc 808106b3 00000000 e1618358 00000086 nt!MmFlushSection+0x40a (FPO:
[Non-Fpo])
f64517d4 80810531 81c9b798 00000000 00000000 nt!CcMapAndCopy+0x493 (FPO:
[Non-Fpo])
f6451850 8080d00e 81c9b798 019d04f4 f6451894 nt!CcMapAndCopy+0x311 (FPO:
[Non-Fpo])
f64518e0 bbc2e834 8200ef00 f6451ab0 00000086 nt!CcCopyWrite+0x2a6 (FPO:
[Non-Fpo])
f6451ad4 bbc2b7d7 81ef6ef0 82f10e28 820f3020 Ntfs!NtfsCommonWrite+0x2104
(FPO: [Non-Fpo])
f6451b38 8081fa49 820f3020 82f10e28 820f3020 Ntfs!NtfsFsdWrite+0x113 (FPO:
[Non-Fpo])
f6451b50 80ad2128 820f4cc8 82f10e28 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6451b74 bbd26a24 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f6451b98 8081fa49 820f4cc8 82f10e28 820f4cc8 sr!SrWrite+0x214 (FPO:
[Non-Fpo])
f6451bb0 80ad2128 808b9f68 00000000 82066808 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6451bd4 bbd98d44 820f51f0 00000000 820e4000 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f6451bfc bbd99269 f6451c1c 820f51f0 00000000
fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x3cc (FPO: [Non-Fpo])
f6451c38 8081fa49 820f51f0 82f10e28 820f51f0 fltmgr!FltpDispatch+0x19b (FPO:
[Non-Fpo])
f6451c50 80ad2128 81ce36a0 80b953e8 82f10e28 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])